Collaborate Disseminate
Let’s assume an ecommerce site works over HTTP, rather than HTTPS.
What are the practical dangers here? How could an attacker exploit this?
Whenever I read about dangers of unencrypted traffic, it is somehow magically assumed that the atta… Continue reading How does one take advantage of unencrypted traffic?
I currently have to write a paper for university in my Network Security lecture about methods of secure location verification. Therefore, I chose to write about several distance bounding protocols, e.g. the one by Brands and Chaum and the … Continue reading Problems understanding the use of Distance Bounding against Man-In-The-Middle attacks
I am working on analyzing Android applications from my phone using MITM Proxy. My Android phone version is 4.4.2, SDK is 19 and its rooted. I have performed all WiFi configurations required for MITM. Using manual proxy with the Proxy hostn… Continue reading How to bypass certificate pinning in Android phone?
I am working on analyzing Android applications from my phone using MITM Proxy. My Android phone version is 4.4.2, SDK is 19 and its rooted. I have performed all WiFi configurations required for MITM. Using manual proxy with the Proxy hostn… Continue reading How to bypass certificate pinning in Android phone?
My employer recently changed their WiFi network set up, and they now require accepting a certificate in order to connect.
Is there any way that I can check if they are performing a MITM attack to spy on the employees?
I would expect that I… Continue reading How can I determine if my employer is using their security certificate to MITM employees’ HTTPS connections?
My work lets us log onto their WiFi with our personal phones. We don’t have to log on every time; it just connects automatically. I have nothing downloaded on my phone from my work that they could ‘spy’ on me with.
Am I right in thinking i… Continue reading When logging into my work WiFi (we are allowed to do this) what exactly can they see? [duplicate]
Lets say i have connected to a VPN server using Linux with the help of Cisco anyconnect protocol or PPTP protocol.
now when i try to connect to it, it says :
The certificate may be invalid or untrusted!
Reason: signer not found
My home router is an AVM FritzBox and it’s able to log all incoming and outgoing traffic in a file format readable by Wireshark. Some days ago I started capturing all traffic for about an hour to get an understanding of what kind of traffi… Continue reading Did Wireshark capture an update of Adobe Acrobat Reader over an unencrypted connection?
I’m looking for existing tools, at best with a Python-API, which would allow me to silently intercept an established TCP connection for which the following assumptions hold:
All IP packets of the TCP-stream are routed through my node; the… Continue reading Tool for Special-Case Interception of established TCP-connection
I use a Yubikey in PIV/CCID mode. The PIN is sent from the host computer via automated script and unlocks the Yubikey PIV smartcard.
In this mode, is it essential that the USB connection is trusted?
In other words if an attacker can sniff … Continue reading Does the USB connection have to be trusted when using Yubikey CCID/PIV?